On Sun, Dec 29, 2013 at 05:32:52PM -0500, Watson Ladd wrote:
> is to use keys with limited temporal validity periods, say by hashing
> with the year or month/year as well. Then you wait a month and the old
> key is expired. Accessing old mail gets a bit tricky here, but clients
> could store local copies or servers could hand out the needed keys if
> you are logged in.

You better think hard about caches in the DNS, as well, for this. Consider the timing problems that have bedeviled DNSSEC deployment.

A

--
Andrew Sullivan
[email protected]
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
